[Openswan Users] Tunnels come up, but not all traffic goes through
Herbert Xu
herbert at gondor.apana.org.au
Sun Jun 13 19:11:59 CEST 2004
Jacco de Leeuw <jacco2 at dds.nl> wrote:
>
> The idea is to bind the L2TP daemon to localhost or an internal interface.
> So when IPsec is down and there is no firewall, the daemon is not exposed
> on the external interface. I don't particularly care how this is achieved,
> as long as it's safe and it works. It worked with DNAT on ipsec0. If there
> is another way to do this, I'd be interested to know.
As I explained in the previous message, this is not 100% effective on
Linux as your nexthop will be able to get to that private address.
> Any idea if these patches will be in the mainstream soon?
Well, when it has been tested more thoroughly. So if you want to help
please give it a try. You'll find it on www.netfilter.org.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt